Red Hat Bugzilla – Bug 155148
Transport mode (Host to Host) IPsec configured with system-config-network will not work
Last modified: 2014-03-16 22:53:24 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050322 Firefox/1.0.2 Red Hat/1.0.2-1.4.1
Description of problem:
The system-config-network tool with the choices for both hosts:
Host to Host Encryption
Manual with a fixed key (use the same keys in both hosts)
Provide the IP address of the end point (s) at each host
After running ifup ipsec0 on both hosts, I can see packets leaving for the IPsec host to host destination, and arriving at the destination with tcpdump. They appear to be encapsulated ok, but tcp communications seems to be impossible. It does not work.
I altered the /etc/sysconfig/network-scripts/ifup-ipsec file (See the attached one) and it now works. SPI_AH_IN and SPI_AH_OUT, and SPI_ESP_IN and SPI_ESP_OUT seem to be round the wrong way.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Run system-config-network to configure host to host encryption
2. Do ifup ipsec0 on the two hosts
3. Try sending and receiving packets to and from the two hosts
Actual Results: No tcp communication through the encrypted link can happen
Expected Results: tcp communication should work
Note that I have not tested any other configurations, just the host to host 'transport' mode.
This affects Red Hat Enterprise Linux 3, 4 and Fedora Core.
Created attachment 113277 [details]
Altered ifup-ipsec file
Full file with alterations to 'make it work'
*** This bug has been marked as a duplicate of 155149 ***